build(deps): bump the npm_and_yarn group across 2 directories with 8 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
axios	1.6.8	1.7.4
@sveltejs/kit	2.5.22	2.8.3
svelte	4.2.15	4.2.19
vite	4.5.3	4.5.6
vitest	1.6.0	1.6.1
astro	4.13.1	4.16.18

Bumps the npm_and_yarn group with 5 updates in the /packages/guardian-prover-health-check-ui directory:

Package	From	To
axios	1.6.2	1.7.4
@sveltejs/kit	2.0.4	2.8.3
svelte	4.2.8	4.2.19
vite	5.0.10	5.4.12
vitest	1.6.1	3.0.7

Updates axios from 1.6.8 to 1.7.4

Release notes

Sourced from axios's releases.

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

Release v1.7.3

Release notes:

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

Release v1.7.2

Release notes:

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.1

Release notes:

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0

Release notes:

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

1.7.3 (2024-08-01)

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

1.7.2 (2024-05-21)

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

1.7.1 (2024-05-20)

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

... (truncated)

Commits

• abd24a7 chore(release): v1.7.4 (#6544)
• 6b6b605 fix(sec): CVE-2024-39338 (#6539) (#6543)
• 07a661a fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)
• c6cce43 chore(release): v1.7.3 (#6521)
• e3c76fc fix(adapter): fix progress event emitting; (#6518)
• 85d4d0e fix(fetch): fix withCredentials request config (#6505)
• 92cd8ed chore(github): update ISSUE_TEMPLATE.md (#6519)
• 8966ee7 fix(xhr): return original config on errors from XHR adapter (#6515)
• 0e4f9fa chore(release): v1.7.2 (#6414)
• 4f79aef fix(fetch): enhance fetch API detection; (#6413)
• Additional commits viewable in compare view

Updates @sveltejs/kit from 2.5.22 to 2.8.3

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.8.3

Patch Changes

• fix: ensure error messages are escaped (#13050)

• fix: escape values included in dev 404 page (#13039)

@​sveltejs/kit@​2.8.2

Patch Changes

• fix: prevent duplicate fetch request when using Request with load function's fetch (#13023)

• fix: do not override default cookie decoder to allow users to override the cookie library version (#13037)

@​sveltejs/kit@​2.8.1

Patch Changes

• fix: only add nonce to script-src-elem, style-src-attr and style-src-elem CSP directives when unsafe-inline is not present (#11613)

• fix: support HTTP/2 in dev and production. Revert the changes from #12907 to downgrade HTTP/2 to TLS as now being unnecessary (#12989)

@​sveltejs/kit@​2.8.0

Minor Changes

• feat: add helper to identify ActionFailure objects (#12878)

@​sveltejs/kit@​2.7.7

Patch Changes

• fix: update link in JSDoc (#12963)

@​sveltejs/kit@​2.7.6

Patch Changes

• fix: update broken links in JSDoc (#12960)

@​sveltejs/kit@​2.7.5

Patch Changes

• fix: warn on invalid cookie name characters (#12806)

• fix: when using @vitejs/plugin-basic-ssl, set a no-op proxy config to downgrade from HTTP/2 to TLS since undici does not yet enable HTTP/2 by default (#12907)

@​sveltejs/kit@​2.7.4

Patch Changes

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.8.3

Patch Changes

• fix: ensure error messages are escaped (#13050)

• fix: escape values included in dev 404 page (#13039)

2.8.2

Patch Changes

• fix: prevent duplicate fetch request when using Request with load function's fetch (#13023)

• fix: do not override default cookie decoder to allow users to override the cookie library version (#13037)

2.8.1

Patch Changes

• fix: only add nonce to script-src-elem, style-src-attr and style-src-elem CSP directives when unsafe-inline is not present (#11613)

• fix: support HTTP/2 in dev and production. Revert the changes from #12907 to downgrade HTTP/2 to TLS as now being unnecessary (#12989)

2.8.0

Minor Changes

• feat: add helper to identify ActionFailure objects (#12878)

2.7.7

Patch Changes

• fix: update link in JSDoc (#12963)

2.7.6

Patch Changes

• fix: update broken links in JSDoc (#12960)

2.7.5

Patch Changes

• fix: warn on invalid cookie name characters (#12806)

... (truncated)

Commits

• 429bfb7 Version Packages (#13049)
• 134e363 fix: ensure error messages are escaped (#13050)
• d338d46 fix: escape values included in dev 404 page (#13039)
• 5f8399d Version Packages (#13024)
• 1358ccc fix: use default cookie decoder (#13037)
• 570562b fix: handle empty Headers when serialising Request passed to fetch (#13023)
• 435984b Version Packages (#12992)
• 0bd4426 fix: support custom servers using HTTP/2 in production (#12989)
• 6df00fc fix: csp nonce in script-src-elem, style-src-attr and style-src-elem wh...
• c717db9 chore: update playground and add an endpoint (#12983)
• Additional commits viewable in compare view

Updates svelte from 4.2.15 to 4.2.19

Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

• fix: ensure typings for <svelte:options> are picked up (#12902)

• fix: escape < in attribute strings (#12989)

4.2.18

Patch Changes

• chore: speed up regex (#11922)

4.2.17

Patch Changes

• fix: correctly handle falsy values of style directives in SSR mode (#11584)

4.2.16

Patch Changes

• fix: check if svelte component exists on custom element destroy (#11489)

Commits

• d8b3133 Version Packages (#12990)
• 83e96e0 fix: escape < in attribute strings (#12989)
• 5ec4409 fix: ensure typings for \<svelte:options> are picked up (#12902)
• 230916f Version Packages (#11925)
• dbe6057 chore: speed up regex (#11922)
• a8deae9 Version Packages (#11594)
• 8592914 fix: correctly handle falsy values of style directives in SSR mode (#11584)
• 8e4c778 Version Packages (#11491)
• 1bab571 fix: additional check for component on destroy (svelte4) (#11489)
• See full diff in compare view

Updates vite from 4.5.3 to 4.5.6

Release notes

Sourced from vite's releases.

v4.5.6

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v4.5.5

Please refer to CHANGELOG.md for details.

v4.5.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

4.5.6 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (ef1049d)
• fix!: default server.cors: false to disallow fetching from untrusted origins (07b36d5)
• fix: verify token for HMR WebSocket connection (c065a77)

4.5.5 (2024-09-16)

4.5.4 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (e812716), closes #18115
• fix: backport #18112, fs raw query (b901438), closes #18112

Commits

• 9e460f5 release: v4.5.6
• ef1049d fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
• c065a77 fix: verify token for HMR WebSocket connection
• 07b36d5 fix!: default server.cors: false to disallow fetching from untrusted origins
• f1d8845 release: v4.5.5
• 2466c08 release: v4.5.4
• e812716 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
• b901438 fix: backport #18112, fs raw query
• See full diff in compare view

Updates vitest from 1.6.0 to 1.6.1

Release notes

Sourced from vitest's releases.

v1.6.1

This release includes security patches for:

• Remote Code Execution when accessing a malicious website while Vitest API server is listening | CVE-2025-24964

   🐞 Bug Fixes

• backport vitest-dev/vitest#7317 to v1 - by @​hi-ogawa in vitest-dev/vitest#7319

    View changes on GitHub

Commits

• 017e1ee chore: release v1.6.1
• 7ce9fbb fix: backport #7317 to v1 (#7319)
• See full diff in compare view

Updates astro from 4.13.1 to 4.16.18

Release notes

Sourced from astro's releases.

astro@4.16.18

Patch Changes

• #12757 d0aaac3 Thanks @​matthewp! - Remove all assets created from the server build

• #12757 d0aaac3 Thanks @​matthewp! - Clean server sourcemaps from static output

Changelog

Sourced from astro's changelog.

4.16.18

Patch Changes

• #12757 d0aaac3 Thanks @​matthewp! - Remove all assets created from the server build

• #12757 d0aaac3 Thanks @​matthewp! - Clean server sourcemaps from static output

4.16.17

Patch Changes

• #12632 e7d14c3 Thanks @​ematipico! - Fixes an issue where the checkOrigin feature wasn't correctly checking the content-type header

4.16.16

Patch Changes

• #12542 65e50eb Thanks @​kadykov! - Fix JPEG image size determination

• #12525 cf0d8b0 Thanks @​ematipico! - Fixes an issue where with i18n enabled, Astro couldn't render the 404.astro component for non-existent routes.

4.16.15

Patch Changes

• #12498 b140a3f Thanks @​ematipico! - Fixes a regression where Astro was trying to access Request.headers

4.16.14

Patch Changes

• #12480 c3b7e7c Thanks @​matthewp! - Removes the default throw behavior in astro:env

• #12444 28dd3ce Thanks @​ematipico! - Fixes an issue where a server island hydration script might fail case the island ID misses from the DOM.

• #12476 80a9a52 Thanks @​florian-lefebvre! - Fixes a case where the Content Layer glob() loader would not update when renaming or deleting an entry

• #12418 25baa4e Thanks @​oliverlynch! - Fix cached image redownloading if it is the first asset

• #12477 46f6b38 Thanks @​ematipico! - Fixes an issue where the SSR build was emitting the dist/server/entry.mjs file with an incorrect import at the top of the file/

• #12365 a23985b Thanks @​apatel369! - Fixes an issue where Astro.currentLocale was not correctly returning the locale for 404 and 500 pages.

4.16.13

Patch Changes

• #12436 453ec6b Thanks @​martrapp! - Fixes a potential null access in the clientside router

... (truncated)

Commits

• 84190aa [ci] release (#12774)
• d0aaac3 Prevent server sourcemaps from being part of client output (#12757)
• ba4aac1 [ci] release (#12648)
• e7d14c3 fix: checkOrigin headers check (#12632)
• 6eac6ba [ci] release (#12536)
• 65e50eb Fix JPEG image size determination (#12542)
• 6fc29e3 fix(deps): update all non-major dependencies (#12410)
• cf0d8b0 fix(i18n): render 404.astro when i18n is enabled (#12525)
• 36d8d92 [ci] release (#12501)
• b140a3f fix(routing): don't access Request headers (#12498)
• Additional commits viewable in compare view

Updates dset from 3.1.3 to 3.1.4

Commits

• 05b1ec0 3.1.4
• 16d6154 fix: prevent proto assignment via implicit string
• See full diff in compare view

Updates rollup from 3.29.4 to 3.29.5

Release notes

Sourced from rollup's releases.

v3.29.5

3.29.5

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

3.29.5

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

4.22.2

2024-09-20

Bug Fixes

• Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

• #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)

4.22.1

... (truncated)

Commits

• dfd233d 3.29.5
• 2ef77c0 Fix DOM Clobbering CVE
• See full diff in compare view

Updates axios from 1.6.2 to 1.7.4

Release notes

Sourced from axios's releases.

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

Release v1.7.3

Release notes:

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

Release v1.7.2

Release notes:

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.1

Release notes:

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0

Release notes:

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

1.7.3 (2024-08-01)

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

1.7.2 (2024-05-21)

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

1.7.1 (2024-05-20)

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

... (truncated)

Commits

• abd24a7 chore(release): v1.7.4 (#6544)
• 6b6b605 fix(sec): CVE-2024-39338 (#6539) (#6543)
• 07a661a fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)
• c6cce43 chore(release): v1.7.3 (#6521)
• e3c76fc fix(adapter): fix progress event emitting; (#6518)
• 85d4d0e fix(fetch): fix withCredentials request config (#6505)
• 92cd8ed chore(github): update ISSUE_TEMPLATE.md (#6519)
• 8966ee7 fix(xhr): return original config on errors from XHR adapter (#6515)
• 0e4f9fa chore(release): v1.7.2 (#6414)
• 4f79aef fix(fetch): enhance fetch API detection; (#6413)
• Additional commits viewable in compare view

Updates @sveltejs/kit from 2.0.4 to 2.8.3

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.8.3

Patch Changes

• fix: ensure error messages are escaped (#13050)

• fix: escape values included in dev 404 page (#13039)

@​sveltejs/kit@​2.8.2

Patch Changes

• fix: prevent duplicate fetch request when using Request with load function's fetch (#13023)

• fix: do not override default cookie decoder to allow users to override the cookie library version (#13037)

@​sveltejs/kit@​2.8.1

Patch Changes

• fix: only add nonce to script-src-elem, style-src-attr and style-src-elem CSP directives when unsafe-inline is not present (#11613)

• fix: support HTTP/2 in dev and production. Revert the changes from #12907 to downgrade HTTP/2 to TLS as now being unnecessary (#12989)

@​sveltejs/kit@​2.8.0

Minor Changes

• feat: add helper to identify ActionFailure objects (#12878)

@​sveltejs/kit@​2.7.7

Patch Changes

• fix: update link in JSDoc (#12963)

@​sveltejs/kit@​2.7.6

Patch Changes

• fix: update broken links in JSDoc (#12960)

@​sveltejs/kit@​2.7.5

Patch Changes

• fix: warn on invalid cookie name characters (#12806)

• fix: when using @vitejs/plugin-basic-ssl, set a no-op proxy config to downgrade from HTTP/2 to TLS since undici does not yet enable HTTP/2 by default (#12907)

@​sveltejs/kit@​2.7.4

Patch Changes

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.8.3

Patch Changes

• fix: ensure error messages are escaped (#13050)

• fix: escape values included in dev 404 page (#13039)

2.8.2

Patch Changes

• fix: prevent duplicate fetch request when using Request with load function's fetch (#13023)

• fix: do not override default cookie decoder to allow users to override the cookie library version (#13037)

2.8.1

Patch Changes

• fix: only add nonce to script-src-elem, style-src-attr and style-src-elem CSP directives when unsafe-inline is not present (#11613)

• fix: support HTTP/2 in dev and production. Revert the changes from #12907 to downgrade HTTP/2 to TLS as now being unnecessary (#12989)

2.8.0

Minor Changes

• feat: add helper to identify ActionFailure objects (#12878)

2.7.7

Patch Changes

• fix: update link in JSDoc (#12963)

2.7.6

Patch Changes

• fix: update broken links in JSDoc (#12960)

2.7.5

Patch Changes

• fix: warn on invalid cookie name characters (#12806)

... (truncated)

Commits

• 429bfb7 Version Packages (#13049)
• 134e363 fix: ensure error messages are escaped (#13050)
• d338d46 fix: escape values included in dev 404 page (#13039)
• 5f8399d Version Packages (#13024)
• 1358ccc fix: use default cookie decoder (#13037)
• 570562b fix: handle empty Headers when serialising Request passed to fetch (#13023)
• 435984b Version Packages (#12992)
• 0bd4426 fix: support custom servers using HTTP/2 in production (#12989)
• 6df00fc fix: csp nonce in script-src-elem, style-src-attr and style-src-elem wh...
• c717db9 chore: update playground and add an endpoint (#12983)
• Additional commits viewable in compare view

Updates svelte from 4.2.8 to 4.2.19

Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

• fix: ensure typings for <svelte:options> are picked up (#12902)

• fix: escape < in attribute strings (#12989)

4.2.18

Patch Changes

• chore: speed up regex (#11922)

4.2.17

Patch Changes

• fix: correctly handle falsy values of style directives in SSR mode (#11584)

4.2.16

Patch Changes

• fix: check if svelte component exists on custom element destroy (#11489)

Commits

• d8b3133 Version Packages (#12990)
• 83e96e0 fix: escape < in attribute strings (#12989)
• 5ec4409 fix: ensure typings for \<svelte:options> are picked up (#12902)
• 230916f Version Packages (#11925)
• dbe6057 chore: speed up regex (#11922)
• a8deae9 Version Packages (#11594)
• 8592914 fix: correctly handle falsy values of style directives in SSR mode (#11584)
• 8e4c778 Version Packages (#11491)
• 1bab571 fix: additional check for component on destroy (svelte4) (#11489)
• See full diff in